SeaMonkey email connects to the wrong server address (Linux)

Discussion of bugs in Seamonkey
LMHmedchem
Posts: 78
Joined: August 31st, 2009, 2:29 pm

SeaMonkey email connects to the wrong server address (Linux)

Post by LMHmedchem »

Hello,

On Friday I had an unusual incident that I am looking into. When I started up Seamonkey (2.53.14 Mozilla/5.0, X11; Linux x86_64; rv:78.0) I immediately started getting messages about failed logins for the different accounts managed by the client. This client manages about a dozen addresses all of which are at my domain. The messages were the same as you would receive for incorrect passwords or unknown account names but this seems to be a generic error that you can also get if you don't have an internet connection, etc.

The first thing I did was to quickly check the server settings to make sure they were not changed. I confirmed that I had a working internet connection and also checked /etc/hosts, but there is nothing in there but the localhost definition. I next checked the logs of my hardware firewall to make sure that the IP address of my email server had not changed. My firewall uses an IP address or range for its rules and not a domain name, so if for some reason the IP of a server that the domain points to has changed then a new rule needs to be made.

I found that the outgoing connection attempts for the several accounts that tried to connect were made to several different IP addresses:

IP address        OrgId     OrgName
142.251.40.228    GOGL      Google LLC
142.251.40.170    GOGL      Google LLC
142.250.176.202   GOGL      Google LLC
142.250.65.206    GOGL      Google LLC
104.26.7.175      CLOUD14   Cloudflare, Inc.
104.17.25.14      CLOUD14   Cloudflare, Inc.
34.117.59.81      GOOGL-2   Google LLC

These were all TCP connection attempts at port 995, which corresponds to a POP server.

My provider checked with DNS and their logs indicate that my server domain name has pointed to the same IP address for more than 3 years. This address is the one that corresponds to my firewall rule.

Does anyone know why Seamonkey would have tried to connect to these Google and Cloudflare IP addresses instead of to the IP address that DNS associates with my mail server? Has anyone seen this behaviour before?

I assume that this is a Seamonkey bug, which is why it is posted here. Someone let me know if they think this should be posted elsewhere. Without knowing how Seamonkey makes its external connections, obtains the address through DNS, etc, it is hard to know where to look for the problem.

After about 5 minutes the issue resolved on its own and successful connections were made to the correct IP address for the server. The system is configured to use Open DNS (208.67.222.222 · 208.67.220.220) if that matters. Looking back through the firewall logs, I don't see any other instances of this before or since.

Thanks,

LMHmedchem
Last edited by LMHmedchem on January 10th, 2023, 2:04 pm, edited 3 times in total.
TPR75
Posts: 1353
Joined: July 25th, 2011, 8:11 am
Location: Poland

Re: seamonkey email connects to the wrong server address(Lin

Post by TPR75 »

LMHmedchem wrote:Does anyone know why Seamonkey would have tried to connect to these Google and Cloudflare IP addresses instead of to the IP address that DNS associates with my mail server?
I don't know what that was, but you can disable Google's safebrowsing in SeaMonkey:
viewtopic.php?f=40&t=3059091&p=14856899 ... #p14856899
viewtopic.php?f=40&t=3040370&p=14801729 ... #p14801729
... and test again.
--
LMHmedchem
Posts: 78
Joined: August 31st, 2009, 2:29 pm

Re: seamonkey email connects to the wrong server address (Li

Post by LMHmedchem »

TPR75 wrote:I don't know what was that but you can disable Google's safebrowsing in SeaMonkey and test again.
Part of the issue here is that I don't know enough about what happened to reproduce/test this. Out of the blue, Seamonkey could not connect to my mail server for about 5 minutes. It turns out that the issue was that the connection attempts were being made to the wrong IP address, meaning not the IP address associated at DNS with the server name entered into the server settings. My hardware firewall will only allow TCP 995 connections from this machine to the IP of my mail server. The IP was wrong and so the connection attempt was blocked by the firewall.

I am now trying to determine why Seamonkey was trying to connect to the wrong IP. I am not sure how I can re-test this since it has never happened before or since and I don't know what caused it. It doesn't seem as if the issue was that the DNS server returned the wrong IP as their logs show the correct IP associated with the domain over a long time. I am also assuming that it was Seamonkey attempting to make the connection since the connection attempt was TCP at port 995 but I have no way of confirming that. If there is some log in CentOS that I could read that would clarify that I would appreciate knowing about it.

Noting that this is Seamonkey email and not the browser, does Google safebrowsing check the connections that the email client attempts to make as it does with browser connections? If so, it seems odd that the connection attempt was to a Google IP, but at the POP mail server port. Is port 995 the port that Google safebrowsing typically uses? If so, why have I never seen this error in my firewall logs before? If that is how things worked then every time Seamonkey tried to connect to the email server there would be a firewall log notation for the blocked attempt to connect to Google.

The only thing I can think of is that, for some reason, Seamonkey email was not able to connect. This could have been either to the DNS server or the internet. This could have triggered some atypical event where there was a default to a different IP address than the correct one. I suppose I could disable my internet connection at the firewall and see if I get the same behaviour.

The other possibility is an infection of some kind but these are relatively rare in Linux and infections don't just usually go away.

LMHmedchem
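
An added example, not part of the original posts: one way to confirm which process is behind port 995 connection attempts to unexpected addresses is to capture `ss -tnp` output on the Linux host while the problem is happening and filter it. The sample output below is constructed, and 203.0.113.25 is a placeholder for the real mail server IP; the function name is hypothetical.

```python
import re

# Constructed sample of `ss -tnp` output (not from the original thread).
# 203.0.113.25 is a placeholder for the real mail server address.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port    Peer Address:Port   Process
ESTAB     0      0      192.168.1.10:51234    203.0.113.25:995    users:(("seamonkey",pid=2314,fd=87))
SYN-SENT  0      1      192.168.1.10:51240    142.251.40.228:995  users:(("seamonkey",pid=2314,fd=91))
ESTAB     0      0      192.168.1.10:40022    104.26.7.175:443    users:(("firefox",pid=1980,fd=55))
SYN-SENT  0      1      192.168.1.10:51242    104.17.25.14:995
"""

# Matches the first owner in the process column: users:(("name",pid=N,...
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def unexpected_pop3s(ss_output, expected_ips, port=995):
    """Return [(state, peer_ip, process, pid)] for sockets to `port`
    whose peer is not one of the expected mail server addresses."""
    findings = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        state, peer = fields[0], fields[4]
        # rpartition keeps IPv6 peers such as [2001:db8::1]:995 intact
        peer_ip, _, peer_port = peer.rpartition(":")
        if peer_port != str(port) or peer_ip.strip("[]") in expected_ips:
            continue
        m = PROC_RE.search(line)
        # The process column is empty unless ss runs as root or as the socket owner
        proc, pid = (m.group(1), int(m.group(2))) if m else ("unknown", None)
        findings.append((state, peer_ip, proc, pid))
    return findings

if __name__ == "__main__":
    for state, ip, proc, pid in unexpected_pop3s(SAMPLE_SS_OUTPUT, {"203.0.113.25"}):
        print(f"{state:9} {ip:16} {proc} (pid {pid})")
```

A connection that the firewall silently drops stays in SYN-SENT while the kernel retries, so it remains visible to `ss` for a short time after the attempt.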